Trend Micro RUBotted telling Bot Found


  • This topic is locked
12 replies to this topic

#1 Federico

Federico

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:06 PM

Posted 13 May 2009 - 05:30 PM

I installed the Trend Micro RUBotted app and a week ago it started telling me BOT Found. It tells you to go to HouseCall to fix this, but when I tried it's not working; it remains on the Update/Install screen forever.
I tried System Cleaner (also from Trend Micro) and it shows a BKDR_Generic in the muvee Technologies directory. I suppose it was removed, but RUBotted is still telling me BOT Found.
I tried NoAdware5 and it tells me that a Trojan (sorry, don't remember the name) for long-distance calls was found, but I need to buy the license to remove it.
PLEASE HELP ME!!!


DDS (Ver_09-05-14.01) - NTFSx86
Run by Federico at 17:05:23.77 on 13/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.52.3082.18.1014.239 [GMT -5:00]

AV: Prodigy Antivirus *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
SP: Prodigy Antivirus *enabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PskSvc.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\pavsrvx86.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\AVENGINE.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\ApVxdWin.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsImSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\WebProxy.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Federico\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [APVXDWIN] "c:\program files\prodigy antivirus\prodigy antivirus\APVXDWIN.EXE" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\prodigy antivirus\prodigy antivirus\pavlsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-26 28544]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-6-26 38968]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2008-6-26 46648]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-6-26 178872]
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;c:\program files\symantec\liveupdate\AluSchedulerSvc.exe [2007-4-8 554616]
R2 PskSvcRetail;Panda PSK service;c:\program files\prodigy antivirus\prodigy antivirus\psksvc.exe [2008-6-26 27696]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-4-22 582992]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-4-22 206608]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-4-22 206608]

=============== Created Last 30 ================

2009-05-13 16:27 <DIR> --d----- c:\program files\NoAdware
2009-05-12 20:46 <DIR> --d----- c:\users\federico\Tracing
2009-05-12 18:57 <DIR> --d----- c:\program files\Microsoft
2009-05-12 18:57 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-12 18:40 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-07 13:44 <DIR> --d----- c:\users\federico\.housecall6.6
2009-04-26 15:19 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-26 15:19 <DIR> --d----- c:\program files\Panda Security
2009-04-22 16:40 <DIR> --d----- c:\programdata\Pinnacle VideoSpin
2009-04-22 16:40 <DIR> --d----- c:\program files\Pinnacle
2009-04-22 16:40 <DIR> --d----- c:\program files\common files\Yahoo!
2009-04-22 16:40 <DIR> --d----- c:\progra~2\Pinnacle VideoSpin
2009-04-22 16:37 <DIR> --d----- c:\programdata\Pinnacle
2009-04-22 14:19 206,608 a------- c:\windows\system32\drivers\TMPassthru.sys
2009-04-22 14:19 <DIR> --d----- c:\program files\Trend Micro
2009-04-20 13:50 <DIR> --d----- c:\programdata\Apple Computer
2009-04-20 13:49 <DIR> --d----- c:\programdata\Apple

==================== Find3M ====================

2009-05-13 16:08 664,130 a------- c:\windows\system32\perfh00A.dat
2009-05-13 16:08 128,346 a------- c:\windows\system32\perfc00A.dat
2009-05-12 20:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-12 20:38 51,200 a------- c:\windows\inf\infpub.dat
2009-05-12 20:38 86,016 a------- c:\windows\inf\infstor.dat
2009-03-27 10:40 824 a------- c:\users\federico\appdata\roaming\wklnhst.dat
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 06:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-02 23:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2009-02-13 03:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 03:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2008-06-18 12:13 174 a--sh--- c:\program files\desktop.ini
2008-06-18 12:05 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 10:43 336,930 a------- c:\windows\inf\perflib\0c0a\perfi.dat
2006-11-02 10:43 336,930 a------- c:\windows\inf\perflib\0c0a\perfh.dat
2006-11-02 10:43 40,258 a------- c:\windows\inf\perflib\0c0a\perfd.dat
2006-11-02 10:43 40,258 a------- c:\windows\inf\perflib\0c0a\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-18 13:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-18 13:53 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-18 13:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-07-01 12:57 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 17:06:29.91 ===============


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:06 PM

Posted 27 May 2009 - 03:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Federico

Federico
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:06 PM

Posted 27 May 2009 - 04:50 PM

Hello and thank you for your reply.
So far the only thing I have done is to run TotalScan Pro from Panda (the A/V that I have from my Internet Service Provider, Prodigy).
Nothing bad was found.
By the way, the RUBotted log shows only this: 07/05/2009 13:39:51 Detected DNS query of malicious domain


DDS (Ver_09-05-14.01) - NTFSx86
Run by Federico at 16:23:29.49 on 27/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.52.3082.18.1014.287 [GMT -5:00]

AV: Prodigy Antivirus *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
SP: Prodigy Antivirus *disabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PskSvc.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\pavsrvx86.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\AVENGINE.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsImSvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Federico\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [APVXDWIN] "c:\program files\prodigy antivirus\prodigy antivirus\APVXDWIN.EXE" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\prodigy antivirus\prodigy antivirus\pavlsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-26 28544]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-6-26 38968]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2008-6-26 46648]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-6-26 178872]
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;c:\program files\symantec\liveupdate\AluSchedulerSvc.exe [2007-4-8 554616]
R2 PskSvcRetail;Panda PSK service;c:\program files\prodigy antivirus\prodigy antivirus\psksvc.exe [2008-6-26 27696]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-4-22 582992]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-4-22 206608]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-5-14 55280]
S3 fsssvc;Windows Live Protección Infantil;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-4-22 206608]

=============== Created Last 30 ================

2009-05-27 12:07 <DIR> --d----- c:\windows\system32\vi-VN
2009-05-27 12:07 <DIR> --d----- c:\windows\system32\eu-ES
2009-05-27 12:07 <DIR> --d----- c:\windows\system32\ca-ES
2009-05-27 11:53 <DIR> --d----- c:\windows\system32\EventProviders
2009-05-27 11:51 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-05-27 11:50 135,168 a------- c:\windows\system32\wshom.ocx
2009-05-27 11:49 247,808 a------- c:\windows\system32\drvstore.dll
2009-05-23 17:00 <DIR> --d----- c:\program files\Veoh Networks
2009-05-14 12:42 55,280 a------- c:\windows\system32\drivers\fssfltr.sys
2009-05-13 17:45 <DIR> --d----- c:\users\federico\Seguridad
2009-05-13 16:27 <DIR> --d----- c:\program files\NoAdware
2009-05-12 20:46 <DIR> --d----- c:\users\federico\Tracing
2009-05-12 18:57 <DIR> --d----- c:\program files\Microsoft
2009-05-12 18:57 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-12 18:40 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-05-27 16:11 664,130 a------- c:\windows\system32\perfh00A.dat
2009-05-27 16:11 128,346 a------- c:\windows\system32\perfc00A.dat
2009-05-27 12:11 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-27 12:11 86,016 a------- c:\windows\inf\infstor.dat
2009-05-27 12:11 51,200 a------- c:\windows\inf\infpub.dat
2009-05-27 12:07 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-11 01:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 01:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 01:33 292,840 a------- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 01:33 897,000 a------- c:\windows\system32\drivers\tcpip.sys
2009-04-11 01:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 01:28 342,528 a------- c:\windows\system32\zipfldr.dll
2009-04-11 01:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 01:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 01:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 00:42 93,696 a------- c:\windows\system32\drivers\bridge.sys
2009-04-11 00:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 00:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 23:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 23:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 23:51 180,736 a------- c:\windows\system32\drivers\rdpwd.sys
2009-04-10 23:47 273,920 a------- c:\windows\system32\drivers\afd.sys
2009-04-10 23:46 69,120 a------- c:\windows\system32\drivers\rassstp.sys
2009-04-10 23:46 121,344 a------- c:\windows\system32\drivers\ndiswan.sys
2009-04-10 23:46 41,472 a------- c:\windows\system32\drivers\raspppoe.sys
2009-04-10 23:46 15,872 a------- c:\windows\system32\drivers\usb8023.sys
2009-04-10 23:46 33,280 a------- c:\windows\system32\drivers\RNDISMP.sys
2009-04-10 23:46 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-04-10 23:45 72,192 a------- c:\windows\system32\drivers\tdx.sys
2009-04-10 23:45 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-04-10 23:45 185,856 a------- c:\windows\system32\drivers\netbt.sys
2009-04-10 23:45 401,408 a------- c:\windows\system32\drivers\http.sys
2009-04-10 23:45 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-10 23:45 66,560 a------- c:\windows\system32\drivers\smb.sys
2009-04-10 23:43 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-04-10 23:43 196,096 a------- c:\windows\system32\drivers\usbhub.sys
2009-04-10 23:43 62,208 a------- c:\windows\system32\drivers\ohci1394.sys
2009-04-10 23:42 226,304 a------- c:\windows\system32\drivers\usbport.sys
2009-04-10 23:42 25,856 a------- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-10 23:42 25,856 a------- c:\windows\system32\drivers\USBCAMD.sys
2009-04-10 23:42 73,216 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-10 23:42 39,936 a------- c:\windows\system32\drivers\usbehci.sys
2009-04-10 23:42 167,936 a------- c:\windows\system32\drivers\portcls.sys
2009-04-10 23:42 52,992 a------- c:\windows\system32\drivers\stream.sys
2009-04-10 23:42 561,152 a------- c:\windows\system32\drivers\hdaudbus.sys
2009-04-10 23:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 23:39 67,072 a------- c:\windows\system32\drivers\cdrom.sys
2009-04-10 23:39 19,456 a------- c:\windows\system32\drivers\Diskdump.sys
2009-04-10 23:38 149,504 a------- c:\windows\system32\drivers\ks.sys
2009-04-10 23:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 23:24 2,034,688 a------- c:\windows\system32\win32k.sys
2009-04-10 23:23 626,176 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-10 23:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 23:23 76,288 a------- c:\windows\system32\drivers\dxg.sys
2009-04-10 23:22 33,280 a------- c:\windows\system32\drivers\watchdog.sys
2009-04-10 23:15 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-10 23:15 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-04-10 23:15 98,816 a------- c:\windows\system32\drivers\srvnet.sys
2009-04-10 23:14 114,688 a------- c:\windows\system32\drivers\mrxdav.sys
2009-04-10 23:14 212,992 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-10 23:14 225,280 a------- c:\windows\system32\drivers\rdbss.sys
2009-04-10 23:14 79,360 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-10 23:14 105,984 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-04-10 23:14 75,264 a------- c:\windows\system32\drivers\dfsc.sys
2009-04-10 23:14 35,328 a------- c:\windows\system32\drivers\npfs.sys
2009-04-10 23:13 226,816 a------- c:\windows\system32\drivers\udfs.sys
2009-04-10 23:13 136,704 a------- c:\windows\system32\drivers\exfat.sys
2009-04-10 23:13 142,848 a------- c:\windows\system32\drivers\fastfat.sys
2009-04-10 23:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 21:52 684,032 a------- c:\windows\system32\drivers\spsys.sys
2009-04-10 20:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-03-29 23:42 278,848 a------- c:\windows\system32\mscoree.dll
2009-03-29 23:42 155,456 a------- c:\windows\system32\mscorier.dll
2009-03-29 23:42 93,512 a------- c:\windows\system32\dfshim.dll
2009-03-29 23:42 80,720 a------- c:\windows\system32\mscories.dll
2009-03-27 10:40 824 a------- c:\users\federico\appdata\roaming\wklnhst.dat
2009-03-09 06:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2008-06-18 12:13 174 a--sh--- c:\program files\desktop.ini
2006-11-02 10:43 336,930 a------- c:\windows\inf\perflib\0c0a\perfi.dat
2006-11-02 10:43 336,930 a------- c:\windows\inf\perflib\0c0a\perfh.dat
2006-11-02 10:43 40,258 a------- c:\windows\inf\perflib\0c0a\perfd.dat
2006-11-02 10:43:35 A------- 40,258 c:\windows\inf\perflib\0c0a\perfc.dat
2007-07-01 12:57 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 16:25:20.31 ===============




#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:06:06 PM

Posted 28 May 2009 - 06:10 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 Federico

Federico
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 29 May 2009 - 01:47 PM

Hello Hoov,
I have not done anything since the last DDS logs I posted.
Actually my PC seems to be working ok, but I am not sure if I can connect to my bank or other sites where I normally connect to pay or order stuff
due to this Botted message.

Now I did exactly what you typed and I got the following result log:

Malwarebytes' Anti-Malware 1.37
Versión de la Base de Datos: 2193
Windows 6.0.6002 Service Pack 2

29/05/2009 01:32:23 p.m.
mbam-log-2009-05-29 (13-32-23).txt

Tipo de examen : Examen Rápido
Objetos examinados: 85256
Tiempo transcurrido: 3 minute(s), 38 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


Sorry it's in Spanish, but what it points out is that it didn't find anything bad.
Do you want me to run a full scan?
I wonder if the RUBotted report is for real.

Thank you very much for your help.

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:06:06 PM

Posted 29 May 2009 - 11:02 PM

can you post the RUBotted log?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#7 Federico

Federico
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 31 May 2009 - 08:50 AM

Yes,
Here it is:

The main screen:

Bot Found
Find out whether your computer has been taken over by a Bot program to serve as channel for sending spam and attacking other computers.


The Log:

The log shows all suspicious activities detected during the past 45 days. RUBotted determined your current status based on the last 30 seconds of monitoring.
Refresh Delete
Time Activity Detected
07/05/2009 13:39:51 Detected DNS query of malicious domain

Regards,
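The single RUBotted entry above ("Detected DNS query of malicious domain") is the kind of verdict a DNS-query monitor produces: it matches each looked-up name against a blocklist, keeps detections for a retention period (45 days in RUBotted's description), and derives the current status from a much shorter window (the last 30 seconds). The following is an added example, not code from the thread or from Trend Micro's RUBotted; the log format, the client address, the blocklisted domains and the helper names (`parse_log`, `detect`, `current_status`, `review`) are all constructed for illustration. It shows how a stale detection can remain in the log while the current verdict is computed only from recent activity.

```python
"""Toy DNS-query log review (added example, not part of the thread or of RUBotted).

Flags queries to blocklisted domains and computes a "bot" verdict from recent
entries only. The 45-day retention and 30-second status window follow the
RUBotted description quoted in the thread; everything else is constructed.
"""
from datetime import datetime, timedelta

# Constructed blocklist of domains treated as malicious (placeholders, not real IoCs).
MALICIOUS_DOMAINS = {"bad-c2.example", "spam-relay.example"}

# Constructed resolver-style log: "<date> <time> <client> <queried name>".
SAMPLE_LOG = """\
2009-05-07 13:39:51 192.168.1.10 bad-c2.example
2009-05-07 13:40:02 192.168.1.10 www.example.org
2009-05-31 08:49:40 192.168.1.10 update.example.net
2009-05-31 08:49:55 192.168.1.10 www.example.org
"""

RETENTION = timedelta(days=45)         # how long detections stay in the log
STATUS_WINDOW = timedelta(seconds=30)  # how far back the current verdict looks


def parse_ts(text):
    """Parse a 'YYYY-MM-DD HH:MM:SS' timestamp."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def parse_log(text):
    """Turn log lines into (timestamp, client, domain) tuples; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = parse_ts(parts[0] + " " + parts[1])
        except ValueError:
            continue
        # Normalise the name: lower-case, no trailing dot.
        entries.append((ts, parts[2], parts[3].lower().rstrip(".")))
    return entries


def is_blocklisted(domain, blocklist):
    """Exact match or a subdomain of a blocklisted name."""
    return any(domain == bad or domain.endswith("." + bad) for bad in blocklist)


def detect(entries, blocklist, now):
    """Detections within the retention period ending at `now`, oldest first."""
    oldest = now - RETENTION
    hits = [(ts, client, domain) for ts, client, domain in entries
            if is_blocklisted(domain, blocklist) and oldest <= ts <= now]
    return sorted(hits)


def current_status(detections, now):
    """'Bot Found' only if a detection falls inside the status window ending at `now`.

    Older detections remain visible in the log but do not drive the verdict, which is
    the behaviour the RUBotted description implies (retention and status window differ).
    """
    recent = [d for d in detections if timedelta(0) <= now - d[0] <= STATUS_WINDOW]
    return "Bot Found" if recent else "No Bots Found"


def review(log_text, blocklist, now):
    """Convenience wrapper: returns (detections, status) for a log at time `now`."""
    detections = detect(parse_log(log_text), blocklist, now)
    return detections, current_status(detections, now)


if __name__ == "__main__":
    for when in ("2009-05-07 13:40:10", "2009-05-31 08:50:00"):
        hits, status = review(SAMPLE_LOG, MALICIOUS_DOMAINS, parse_ts(when))
        print(when, "->", status)
        for ts, client, domain in hits:
            print("   ", ts, client, "queried", domain)
```

Run at 2009-05-07 13:40:10 the verdict is "Bot Found", because the blocklisted lookup is 19 seconds old; run on 2009-05-31 the same entry is still listed (it is within the 45-day retention) but the verdict is "No Bots Found". A monitor that instead derives its status from any entry still in the log will keep reporting a bot until the log is cleared, which matches what happened later in this thread.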

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:06:06 PM

Posted 31 May 2009 - 10:55 AM

And it is just the one entry?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#9 Federico

Federico
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 04 June 2009 - 10:33 AM

Hello,
Sorry for the delay, I was out of town, no access to mail.
Yes, every time I run RUBotted it shows the same result.
No changes in the log.
But it always shows I am BOTTED, well, the PC....
Regards,

#10 Federico

Federico
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 04 June 2009 - 12:32 PM

I am very sorry about this,
I deleted the log, that is all I did, and now RUBotted shows No Bots Found!!!!
I feel terrible for wasting your time.
I don't know if I need to do something else regarding this RUBotted program.
Thank you very much for your help.
Best regards,

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:06:06 PM

Posted 04 June 2009 - 04:54 PM

The RUBotted program is still in beta, go ahead and use it, but you can't take the results as gospel, either positive or negative.

And no worries about wasting my time. I would rather waste a little, than get someone that waited way too long to get help.

Do you have any other questions or concerns that I can help you with?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#12 Federico

Federico
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 04 June 2009 - 06:21 PM

So far there seem to be no problems in the operation of the PC.
The A/V does not show any kind of infection.
Once again, thank you very much for your support.
Best Regards,

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:06:06 PM

Posted 04 June 2009 - 10:32 PM

You are welcome!
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families




